18 matches found
PT-2026-52331
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A side-channel issue exists where an unprivileged application can attach a filter to TCP sockets to leak TCP sequence and acknowledgment numbers. This is achieved through the use of SO...
kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()
A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...
kernel: refcount leak in ctnetlink_create_conntrack()
A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow...
kernel: refcount leak in ctnetlink_create_conntrack()
A memory leak problem was found in ctnetlinkcreateconntrack in net/netfilter/nfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow...
kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()
A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer in xfrmupdateaeparams, leading to a possible kernel crash and denial of service...
kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr
A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...
SUSE CVE-2012-6537
net/xfrm/xfrmuser.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability...
DEBIAN-CVE-2021-42008
The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAPNETADMIN capability can lead to root access...
PT-2021-7360 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.13 Description: The issue is related to a slab out-of-bounds write in the decode data function of the drivers/net/hamradio/6pack.c component in the Linux kernel. This can be exploited to gain access to...
kernel: net: Out of bounds stack read in memcpy_fromiovec
A flaw was found in the Linux networking subsystem where a local attacker with CAPNETADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto...
kernel: net: Out of bounds stack read in memcpy_fromiovec
A flaw was found in the Linux networking subsystem where a local attacker with CAPNETADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto...
Linux Kernel 'nft_flush_table' function local denial of service vulnerability
Linux is an open source computer operating system kernel. A local denial of service vulnerability exists in the Linux Kernel 'nftflushtable' function, which can be exploited by a local attacker with CAPNETADMIN to launch a denial of service attack...
DEBIAN-CVE-2013-6431
The fib6add function in net/ipv6/ip6fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for an IPv6 SIOCADDRT ioctl call...
Kernel: xfrm_user information leaks copy_to_user_
net/xfrm/xfrmuser.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAPNETADMIN capability...
DEBIAN-CVE-2012-6536
net/xfrm/xfrmuser.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAPNETADMIN capability and providing a 1 new or 2...
kernel: nl80211: missing check for valid SSID size in scan operations
Multiple buffer overflows in net/wireless/nl80211.c in the Linux kernel before 2.6.39.2 allow local users to gain privileges by leveraging the CAPNETADMIN capability during scan operations with a long SSID value...
kernel: ipv4: netfilter: arp_tables: fix infoleak to userspace
net/ipv4/netfilter/arptables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...
kernel: skfp_ioctl inverted logic flaw
The skfpioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFPCLRSTATS requests only when the CAPNETADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic"...